refactor: embed close group view inside signed PaymentQuote

Move the close_group field from ChunkQuoteResponse::Success into
PaymentQuote itself, so it is covered by the quote's ML-DSA-65
signature and cannot be forged. Update validate_close_group_membership
to also accept peers from the node's own signed quote, handling
routing table churn between quote issuance and PUT arrival.

Switch evmlib to git rev a3be57f which adds the close_group field
to PaymentQuote and includes it in bytes_for_signing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: mickvandijke

Cargo.lock

@@ -28,7 +28,7 @@ saorsa-core = "0.22.0"
 saorsa-pqc = "0.5"
 
 # Payment verification - autonomi network lookup + EVM payment
-evmlib = "0.8"
+evmlib = { git = "https://github.com/WithAutonomi/evmlib", rev = "a3be57fcb3bd4982bc93ad0b58116255d509db28" }
 xor_name = "5"
 
 # Caching - LRU cache for verified XorNames

Cargo.toml

@@ -234,17 +234,14 @@ pub enum ChunkQuoteResponse {
     /// When `already_stored` is `true` the node already holds this chunk and no
     /// payment is required — the client should skip the pay-then-PUT cycle for
     /// this address. The quote is still included for informational purposes.
+    ///
+    /// The close group view is embedded inside the serialized `PaymentQuote`
+    /// and covered by the quote's ML-DSA-65 signature, so it cannot be forged.
     Success {
-        /// Serialized `PaymentQuote`.
+        /// Serialized `PaymentQuote` (includes the node's close group view).
         quote: Vec<u8>,
         /// `true` when the chunk already exists on this node (skip payment).
         already_stored: bool,
-        /// Up to `CLOSE_GROUP_SIZE` peer IDs (raw 32-byte BLAKE3 hashes) this
-        /// node considers closest to the content address, **excluding itself**
-        /// (the local node is filtered out by the DHT query). Clients combine
-        /// these views from multiple nodes to verify close-group quorum before
-        /// paying.
-        close_group: Vec<[u8; 32]>,
     },
     /// Quote generation failed.
     Error(ProtocolError),

src/ant_protocol/chunk.rs

@@ -136,6 +136,7 @@ mod tests {
             timestamp: SystemTime::now(),
             price: Amount::from(1u64),
             rewards_address: RewardsAddress::new([1u8; 20]),
+            close_group: vec![],
             pub_key: vec![],
             signature: vec![],
         }

src/payment/proof.rs

@@ -120,6 +120,7 @@ impl QuoteGenerator {
         content: XorName,
         data_size: usize,
         data_type: u32,
+        close_group: Vec<[u8; 32]>,
     ) -> Result<PaymentQuote> {
         let sign_fn = self
             .sign_fn
@@ -134,9 +135,15 @@ impl QuoteGenerator {
         // Convert XorName to xor_name::XorName
         let xor_name = xor_name::XorName(content);
 
-        // Create bytes for signing (following autonomi's pattern)
-        let bytes =
-            PaymentQuote::bytes_for_signing(xor_name, timestamp, &price, &self.rewards_address);
+        // Create bytes for signing — includes close_group so it's
+        // cryptographically bound to this quote.
+        let bytes = PaymentQuote::bytes_for_signing(
+            xor_name,
+            timestamp,
+            &price,
+            &self.rewards_address,
+            &close_group,
+        );
 
         // Sign the bytes
         let signature = sign_fn(&bytes);
@@ -152,6 +159,7 @@ impl QuoteGenerator {
             price,
             pub_key: self.pub_key.clone(),
             rewards_address: self.rewards_address,
+            close_group,
             signature,
         };
 
@@ -437,7 +445,7 @@ mod tests {
         let generator = create_test_generator();
         let content = [42u8; 32];
 
-        let quote = generator.create_quote(content, 1024, 0);
+        let quote = generator.create_quote(content, 1024, 0, vec![]);
         assert!(quote.is_ok());
 
         let quote = quote.expect("valid quote");
@@ -450,7 +458,7 @@ mod tests {
         let content = [42u8; 32];
 
         let quote = generator
-            .create_quote(content, 1024, 0)
+            .create_quote(content, 1024, 0, vec![])
             .expect("valid quote");
         assert!(verify_quote_content(&quote, &content));
 
@@ -468,7 +476,7 @@ mod tests {
         assert!(!generator.can_sign());
 
         let content = [42u8; 32];
-        let result = generator.create_quote(content, 1024, 0);
+        let result = generator.create_quote(content, 1024, 0, vec![]);
         assert!(result.is_err());
     }
 
@@ -491,7 +499,7 @@ mod tests {
 
         let content = [7u8; 32];
         let quote = generator
-            .create_quote(content, 2048, 0)
+            .create_quote(content, 2048, 0, vec![])
             .expect("create quote");
 
         // Valid signature should verify
@@ -511,7 +519,7 @@ mod tests {
         let content = [42u8; 32];
 
         let quote = generator
-            .create_quote(content, 1024, 0)
+            .create_quote(content, 1024, 0, vec![])
             .expect("create quote");
 
         // The dummy signer produces a 64-byte fake signature, not a valid
@@ -556,9 +564,15 @@ mod tests {
         let content = [10u8; 32];
 
         // All data types produce the same price (price depends on records_stored, not data_type)
-        let q0 = generator.create_quote(content, 1024, 0).expect("type 0");
-        let q1 = generator.create_quote(content, 512, 1).expect("type 1");
-        let q2 = generator.create_quote(content, 256, 2).expect("type 2");
+        let q0 = generator
+            .create_quote(content, 1024, 0, vec![])
+            .expect("type 0");
+        let q1 = generator
+            .create_quote(content, 512, 1, vec![])
+            .expect("type 1");
+        let q2 = generator
+            .create_quote(content, 256, 2, vec![])
+            .expect("type 2");
 
         // All quotes should have a valid price (minimum floor of 1)
         assert!(q0.price >= Amount::from(1u64));
@@ -572,7 +586,9 @@ mod tests {
         let content = [11u8; 32];
 
         // Price depends on records_stored, not data size
-        let quote = generator.create_quote(content, 0, 0).expect("zero size");
+        let quote = generator
+            .create_quote(content, 0, 0, vec![])
+            .expect("zero size");
         assert!(quote.price >= Amount::from(1u64));
     }
 
@@ -583,7 +599,7 @@ mod tests {
 
         // Price depends on records_stored, not data size
         let quote = generator
-            .create_quote(content, 10_000_000, 0)
+            .create_quote(content, 10_000_000, 0, vec![])
             .expect("large size");
         assert!(quote.price >= Amount::from(1u64));
     }
@@ -595,6 +611,7 @@ mod tests {
             timestamp: SystemTime::now(),
             price: Amount::from(1u64),
             rewards_address: RewardsAddress::new([0u8; 20]),
+            close_group: vec![],
             pub_key: vec![],
             signature: vec![],
         };

src/payment/quote.rs

@@ -258,6 +258,7 @@ mod tests {
             timestamp: SystemTime::now(),
             price: Amount::from(1u64),
             rewards_address: RewardsAddress::new([rewards_addr_seed; 20]),
+            close_group: vec![],
             pub_key: vec![],
             signature: vec![],
         }
@@ -456,6 +457,7 @@ mod tests {
                 timestamp: SystemTime::now(),
                 price: Amount::from(*price),
                 rewards_address: RewardsAddress::new([1u8; 20]),
+                close_group: vec![],
                 pub_key: vec![],
                 signature: vec![],
             };
@@ -566,6 +568,7 @@ mod tests {
                 price: Amount::from(*price),
                 #[allow(clippy::cast_possible_truncation)] // i is always < 7
                 rewards_address: RewardsAddress::new([i as u8 + 1; 20]),
+                close_group: vec![],
                 pub_key: vec![],
                 signature: vec![],
             };
@@ -639,6 +642,7 @@ mod tests {
                 timestamp: SystemTime::now(),
                 price,
                 rewards_address: wallet.address(),
+                close_group: vec![],
                 pub_key: vec![],
                 signature: vec![],
             };

src/payment/single_node.rs

@@ -688,10 +688,16 @@ impl PaymentVerifier {
 
     /// Verify that **every** peer in the payment proof is a known close group member.
     ///
-    /// Builds the known set from the current DHT close group plus this node
-    /// itself, then checks that each proof peer (derived via `BLAKE3(pub_key)`)
-    /// appears in that set. Rejects the proof if ANY peer is unrecognized.
+    /// Builds the allowed set from:
+    /// 1. The current DHT close group (from the routing table)
+    /// 2. This node itself
+    /// 3. Peers listed in this node's own quote's `close_group` field
     ///
+    /// Source (3) handles routing table churn: the close group may have changed
+    /// between quote issuance and the PUT arriving, but the node's own signed
+    /// quote captured its view at quote time, so those peers are still valid.
+    ///
+    /// Rejects the proof if ANY peer is unrecognized across all three sources.
     /// Skipped when `local_close_group` is empty (unit tests without DHT).
     fn validate_close_group_membership(
         &self,
@@ -702,11 +708,23 @@ impl PaymentVerifier {
             return Ok(());
         }
 
-        // Build the known peer set: current DHT close group + this node.
+        // Build the allowed peer set: current DHT close group + this node.
         let mut known_peers: HashSet<[u8; 32]> = local_close_group.iter().copied().collect();
         known_peers.insert(self.config.local_peer_id);
 
-        // Every proof peer must be in the known set.
+        // Also allow peers that were in this node's close group view at quote
+        // time. Find our own quote by matching the local rewards address, then
+        // add its signed close_group entries to the allowed set.
+        for (_, quote) in &payment.peer_quotes {
+            if quote.rewards_address == self.config.local_rewards_address {
+                for peer_id in &quote.close_group {
+                    known_peers.insert(*peer_id);
+                }
+                break;
+            }
+        }
+
+        // Every proof peer must be in the allowed set.
         for (_encoded_peer_id, quote) in &payment.peer_quotes {
             let peer_id = peer_id_from_public_key_bytes(&quote.pub_key).map_err(|e| {
                 Error::Payment(format!("Invalid ML-DSA pub_key in proof quote: {e}"))
@@ -732,7 +750,7 @@ impl PaymentVerifier {
 #[allow(clippy::expect_used)]
 mod tests {
     use super::*;
-    use ant_evm::EncodedPeerId;
+    use evmlib::EncodedPeerId;
     use saorsa_core::MlDsa65;
     use saorsa_pqc::pqc::MlDsaOperations;
 
@@ -1017,7 +1035,9 @@ mod tests {
             });
 
             let content: XorName = [i; 32];
-            let quote = generator.create_quote(content, 4096, 0).expect("quote");
+            let quote = generator
+                .create_quote(content, 4096, 0, vec![])
+                .expect("quote");
 
             peer_quotes.push((EncodedPeerId::new(rand::random()), quote));
         }
@@ -1063,6 +1083,7 @@ mod tests {
             timestamp: SystemTime::now(),
             price: Amount::from(1u64),
             rewards_address: RewardsAddress::new([1u8; 20]),
+            close_group: vec![],
             pub_key: vec![0u8; 64],
             signature: vec![0u8; 64],
         };
@@ -1105,6 +1126,7 @@ mod tests {
             timestamp,
             price: Amount::from(1u64),
             rewards_address,
+            close_group: vec![],
             pub_key: vec![0u8; 64],
             signature: vec![0u8; 64],
         }
@@ -2092,9 +2114,7 @@ mod tests {
             SystemTime::now(),
             RewardsAddress::new([1u8; 20]),
         );
-        let keypair = libp2p::identity::Keypair::generate_ed25519();
-        let peer_id = libp2p::PeerId::from_public_key(&keypair.public());
-        let peer_quotes = vec![(EncodedPeerId::from(peer_id), quote)];
+        let peer_quotes = vec![(EncodedPeerId::new(rand::random()), quote)];
 
         let payment = ProofOfPayment { peer_quotes };
 

src/payment/verifier.rs

@@ -365,17 +365,18 @@ impl AntProtocol {
 
         let close_group = self.local_close_group(&request.address).await;
 
-        match self
-            .quote_generator
-            .create_quote(request.address, data_size_usize, request.data_type)
-        {
+        match self.quote_generator.create_quote(
+            request.address,
+            data_size_usize,
+            request.data_type,
+            close_group,
+        ) {
             Ok(quote) => {
                 // Serialize the quote
                 match rmp_serde::to_vec(&quote) {
                     Ok(quote_bytes) => ChunkQuoteResponse::Success {
                         quote: quote_bytes,
                         already_stored,
-                        close_group,
                     },
                     Err(e) => ChunkQuoteResponse::Error(ProtocolError::QuoteFailed(format!(
                         "Failed to serialize quote: {e}"